Friday, August 24, 2012

Submission to consultation on Communications Data Bill

I've sent a response to the consultation of the Joint Committee on the draft Communications Data Bill. Having been buried in meetings and battles with bureaucracy it was done at the last minute so may read as something of a tired stream of consciousness. Nevertheless I reproduce it below in the hope that if I've made any errors in the analysis my sharp-eyed reader will put me straight. I incorporated the Open Rights Group's draft letter to parliament on the subject as part of the submission, so that bit at least should be fine!

I would like to register my objection to the Draft Communications Bill.

My key concerns include:

Home Office vague on justifications for the Bill and the Bill does not solve the complex problems it has been posited as addressing

In multiple media engagements the Home Secretary and other
supporters of the Bill mention "protecting the public" from all four
horsemen of the infocalypse - terrorists, drug dealers, child abusers and
organised crime - and more, on several occasions quoting the Met police chief as
insisting passing this legislation is a "matter of life and death".

Building multiple massive databases of intimate personal
communications data makes the public more vulnerable to the four horsemen not
less so. That such mass surveillance will not work can be demonstrated
mathematically.

Floyd Rudmin, Professor of Social & Community Psychology
at the University of Tromsø in Norway, analysed President Bush’s authorisation
of the National Security Agency’s (NSA) secret monitoring of the email messages
and phone calls of all Americans ("The Politics of Paranoia and Intimidation: Why
does the NSA engage in mass surveillance of Americans when it's statistically
impossible for such spying to detect terrorists?", May 24, 2006, by Floyd Rudmin):

“The US Census shows that there are about 300 million people living in the USA.
Suppose that there are 1,000 terrorists there as well, which is probably a high
estimate. The base-rate would be 1 terrorist per 300,000 people. In percentages,
that is .00033%, which is way less than 1%. Suppose that NSA surveillance has an
accuracy rate of .40, which means that 40% of real terrorists in the USA will be
identified by NSA's monitoring of everyone's email and phone calls. This is
probably a high estimate, considering that terrorists are doing their best to avoid
detection. There is no evidence thus far that NSA has been so successful at finding
terrorists. And suppose NSA's misidentification rate is .0001, which means that .01%
of innocent people will be misidentified as terrorists, at least until they are
investigated, detained and interrogated. Note that .01% of the US population is
30,000 people. With these suppositions, then the probability that people are terrorists
given that NSA's system of surveillance identifies them as terrorists is only
p=0.0132, which is near zero, very far from one. Ergo, NSA's surveillance system
is useless for finding terrorists.”

Rudmin takes one basic statistic – 300 million people in the US – and takes a
conservative guess at some others e.g. the proportion of terrorists in the
population. He then does a wonderfully simple analysis to prove mass
surveillance is useless for finding terrorists. The kind of conditional
probability calculation done here by Rudmin is based on Bayes’ Theorem, which is
taught in most introductory college statistics classes and is mathematically
very sound.

Mathematically the 4 horsemen are not problems that lend
themselves to data mining. Even highly accurate data mining systems will swamp
investigators with false positives when dealing with a large population. Law
enforcement authorities end up investigating and alienating large numbers of
innocent people. Finding the horsemen is a needle in a haystack problem and you
can’t find the needle by throwing infinitely more hay on your stack and/or
creating multiple giant and exponentially growing data haystacks.
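
The calculation in the Rudmin quotation, and the point above about highly accurate systems, worked through as an added Python example (not part of the original submission or of Rudmin's article). The population, number of terrorists and the two rates in the first case are the figures from the quotation; the 99% hit rate in the second case and the 50% precision goal are assumptions chosen for illustration.

```python
from fractions import Fraction


def screening_outcome(population, targets, hit_rate, false_alarm_rate):
    """Screen a whole population; return (true_pos, false_pos, precision).

    hit_rate         = P(flagged | target)
    false_alarm_rate = P(flagged | not a target)
    precision        = P(target | flagged), the quantity Bayes' theorem gives
    """
    innocents = population - targets
    true_pos = targets * hit_rate
    false_pos = innocents * false_alarm_rate
    return true_pos, false_pos, true_pos / (true_pos + false_pos)


def max_false_alarm_rate(population, targets, hit_rate, wanted_precision):
    """Largest false-alarm rate at which flagged people are targets
    with probability `wanted_precision`."""
    true_pos = targets * hit_rate
    # precision = tp / (tp + fp)  =>  fp = tp * (1 - precision) / precision
    allowed_false_pos = true_pos * (1 - wanted_precision) / wanted_precision
    return allowed_false_pos / (population - targets)


# Figures taken from the Rudmin quotation.
POPULATION, TARGETS = 300_000_000, 1_000
QUOTED = dict(hit_rate=Fraction(40, 100), false_alarm_rate=Fraction(1, 10_000))
# Assumed for illustration: a far better detector with the same false-alarm rate.
ASSUMED = dict(hit_rate=Fraction(99, 100), false_alarm_rate=Fraction(1, 10_000))

if __name__ == "__main__":
    for label, rates in (("quoted", QUOTED), ("assumed 99% hit rate", ASSUMED)):
        tp, fp, precision = screening_outcome(POPULATION, TARGETS, **rates)
        print(f"{label}: {float(tp):,.0f} real targets flagged, "
              f"{float(fp):,.0f} innocent people flagged, "
              f"P(target | flagged) = {float(precision):.4f}")
    # Assumed goal: half of the people flagged are real targets.
    limit = max_false_alarm_rate(POPULATION, TARGETS, QUOTED["hit_rate"], Fraction(1, 2))
    print(f"for 50% precision: at most 1 false alarm per {float(1 / limit):,.0f} innocents")
```

With the quoted figures the result matches Rudmin's p=0.0132; raising the hit rate to the assumed 99% still leaves roughly 30,000 innocent people flagged for fewer than 1,000 real targets.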

That such mass databases are useless for finding terrorists
is clear. That they also make the public less safe is associated with the
impossibility of securing mass silos of valuable personal data. Computer
scientists simply do not know how to keep databases of the magnitude of those
envisaged in the Bill secure from external hackers or the multitude of insiders
who have access to these databases as a routine part of their jobs. Security
experts like Ross Anderson, Peter Sommer, Bruce Schneier and Richard Clayton
have written extensively about this. To understand this you have to
think about how such systems can fail - how they fail naturally, through
technical problems and errors (a universal problem with computers), and how
they can be made to fail by attackers (insiders and outsiders) with malign
intentions e.g. the four horsemen. When the inevitable hacks, leaks, data
contaminations happen, what then?

Part 1 of the draft bill is indefensible

Part 1 of the draft bill gives the Secretary of State
unlimited powers to mould data access regulations in perpetuity without the
need to consult parliament in any meaningful way:

"(1) The Secretary of State may by order—

(a) ensure that communications
data is available to be obtained from telecommunications operators by relevant
public authorities in accordance with Part 2, or

(b) otherwise facilitate the
availability of communications data to be so obtained from telecommunications
operators.

(2) An order under this section may, in particular—

[...]

(b) impose requirements or
restrictions on telecommunications operators or other persons or provide
for the imposition of such requirements or restrictions by notice of the
Secretary of State"

There is no mechanism for amending such Henry VIII orders
and they usually get rubber-stamped by Parliament without material
scrutiny. The Secretary of State and her successors get to order anyone
to do anything that can be related to facilitating access to communications
data:

"“person” includes an organisation and any association
or combination of persons

[..]

“telecommunications operator” means a person who—

(a) controls or provides a
telecommunication system, or

(b) provides a telecommunications
service,

“telecommunication system” means
a system (including the apparatus comprised in it) that exists (whether wholly
or partly in the United Kingdom or elsewhere) for the purpose of
facilitating the transmission of communications by any means involving the use
of electrical or electro-magnetic energy,

“telecommunications service”
means a service that consists in the provision of access to, and of facilities
for making use of, a telecommunication system (whether or not one provided by
the person providing the service)"

- this Bill could theoretically, as currently drafted, mean
that we might be obliged to keep "who, what, when and where" records
of family and friends' social gatherings which involve listening to music, TV
watching, internet or mobile phone use, electronic gaming or just chatting.
Unlikely though that might currently seem and far though it may be from the
current government’s intentions, the wording of the bill must be viewed in the
light of the inevitable progressive function creep (discussed below) and
through the lens of a less benevolent future government.

Inversion of innocent until proven guilty principle

The notion that the day to day activity of every citizen
should be recorded in the expectation that those records can, in future, be
mined for nefarious activity is anathema to a healthy functioning liberal
democracy.

Control of my data

I have no control over my data once it is collected by
third parties on behalf of the government. The government is placing me at
risk without my consent. The risks include:

1. That police have access to a record of my political beliefs and social habits

2. That these records could be shared with private investigators or journalists

3. That these records could be unlawfully accessed by foreign governments or
criminal gangs, and aid further identity fraud, blackmail or account hacking

This runs counter to everything governments including ours
are trying to do through promotion of good privacy practice and data protection
policies.

Suspicion should be the test for surveillance

The government of course has the right to intercept and
record information when someone is suspected of a serious crime. But these
proposals mean collection of data without suspicion: which is in effect mass
surveillance. Due process requires that surveillance of a real suspected
criminal be based on much more than general, loose, and vague allegations, or
on suspicion, surmise, or vague guesses. To instigate the new set of legal
norms envisaged in the Communications Data Bill which subsequently give the
entire population less protection than a
hitherto genuine suspected criminal, based on a standard of reasonable
suspicion, is indefensible. The gathering of mass data to facilitate future
unspecified fishing expeditions is unlawful.

Accessing big data sets opens up new police surveillance powers

Being able to compare location data, contact histories,
websites visited and so on will give the police the generalized ability to
track any group, from sports fans to political protesters. This will create
extreme risks for whistleblowers, journalists’ sources and legitimate but
inconvenient forms of protest.

This is not “preservation” of capacity but a huge extension
of policing powers, which deserves proper democratic debate, starting with a
full public consultation.

Undermining of Fundamental Rights

The proposals fundamentally undermine the right to privacy
guaranteed in the Human Rights Act and article 8 of the European Convention on
Human Rights. The Bill also undermines fundamental rights relating to freedom
of assembly, speech, religion and association.

Comms data and traffic data cannot be separated simply in the way that the Bill assumes

I can only echo the concerns on function creep expressed by
Paul Bernal in his submission to the consultation:

"when a system is built for one purpose, that purpose
will shift and grow, beyond the original intention of the designers and
commissioners of the system. It is a familiar pattern, particularly in relation
to legislation and technology intended to deal with serious crime, terrorism
and so forth. CCTV cameras that are built to prevent crime are then used to
deal with dog fouling or to check whether children live in the catchment area
for a particular school. Legislation designed to counter terrorism has been
used to deal with people such as anti-arms trade protestors – and even to stop
train-spotters photographing trains.

In relation to the Communications Data Bill this is a very significant risk –
if a universal surveillance
infrastructure is put into place, the ways that it could be inappropriately
used are vast and multi-faceted. What is built to deal with terrorism, child
pornography and organised crime might creep towards less serious crimes, then
anti-social behaviour, then the organisation of protests and so forth. Further
to that, there are many commercial lobbies that might push for access to this
surveillance data – those attempting to combat breaches of copyright, for
example, would like to monitor for suspected examples of ‘piracy’. In each
individual case, the use might seem reasonable – but the function of the
original surveillance, and the justification for its initial imposition, can be
lost."

The temptation for public and commercial services to use the
data gathered for purposes not originally intended will be overwhelming. If it
can be done it will be done regardless of original good intentions.

RIPA needs to be fixed first

Data retention is already excessive and creating risks. The
access policies for police are too wide and lack judicial supervision. There is
no notification policy for people who have been placed under surveillance.

These problems should be fixed before the government
suggests new surveillance powers.

We are in a recession

Spending billions of pounds surveilling innocent people
while cutting back on policing seems wrongheaded. I would rather money is spent
on front line intelligence, policing, detection and emergency response work.

Bad examples to foreign governments

There are no democratic governments that force companies to
aid surveillance through collection and creation of new data sets. How can the UK seriously
stand up for human rights while abusing the privacy of millions of innocent
citizens?

Conclusion

The government has failed to make the case for the need for
the new powers proposed in the draft Bill. There is a significant danger in
measures like the CDB of stumbling by default into a police state, just because
the technology of mass surveillance is now more readily available and nominally
more sophisticated. We need to avoid deploying these technologies blindly in
response to some perceived threat. Without sufficient reasoned analysis of the
purpose and detailed requirements of the technical systems we propose to build
to counter these threats, we could find ourselves building technological
monsters. Building an infrastructure of surveillance makes our citizens and our
state more vulnerable not less so to attacks by criminal elements such as the four
horsemen of the infocalypse and rogue states with malevolent intent.